#4992 hsts header for lists.fedorarproject.org got lost
Closed: Fixed None Opened 9 years ago by till.

= bug description =
There is no HSTS header anymore for lists.fpo:
{{{
curl -sI https://lists.fedoraproject.org/ | grep Strict
}}}

= bug analysis =

I am sure there was one and ansible shows it as well:

{{{
$ cat -n playbooks/include/proxies-websites.yml
456 - role: httpd/website
457 name: lists.fedoraproject.org
458 server_aliases: [lists.stg.fedoraproject.org]
459 sslonly: true
460 # Set this explicitly to stg here.. as per the original puppet config.
461 SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
462 cert_name: "{{wildcard_cert_name}}"
463 when: env == "staging"
}}}

= fix recommendation =

Maybe this configuration is not used anymore because of hyperkitty. Then adjust the new configuration to use HSTS.


It's not using the proxy setup, it's going directly via our old mailman2 server (collab03).

I've fixed it up there for now. As soon as we move fully to mailman3 we will switch to using proxies.

Log in to comment on this ticket.

Metadata